Finally, I forgot this line in my firewall rules:

      iptables -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT


Thanks for all, 






________________________________
From: Ondřej Surý <[email protected]>
To: Ricardo Fraile <[email protected]>
CC: "[email protected]" <[email protected]>
Sent: Thursday, 29 November 2012 17:35
Subject: Re: [Unbound-users] Unbound and firewall


You really don't want to do that. Look up and read about the Kaminsky DNS bug.

Ondřej Surý

On 29. 11. 2012, at 16:59, Ricardo Fraile <[email protected]> wrote:


>I think that unbound opens an arbitrary UDP port. How can I fix it to always
>use the same port?
>
>Active Internet connections (servers and established)
>Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
>udp        0      0 0.0.0.0:53              0.0.0.0:*                           1152/unbound
>udp        0      0 0.0.0.0:17790           0.0.0.0:*                           1152/unbound
>
>thanks,
>
>
>
>________________________________
>From: Ricardo Fraile <[email protected]>
>To: "[email protected]" <[email protected]>
>Sent: Thursday, 29 November 2012 16:43
>Subject: Unbound and firewall
>
>
>Hello, 
>
>
>
>   I'm trying to put iptables on the same server as unbound, but I can't do a
>local resolve:
>
>
>dig terra.es @127.0.0.1
>
>
>; <<>> DiG 9.7.3 <<>> terra.es @127.0.0.1
>;; global options: +cmd
>;; connection timed out; no servers could be reached
>
>
>
>
>
>
>with these iptables rules:
>
>
>:INPUT ACCEPT [0:0]
>:FORWARD ACCEPT [0:0]
>:OUTPUT ACCEPT [2271:2106405]
>-A INPUT -s 30.0.0.0/8 -p tcp -j ACCEPT 
>-A INPUT -s 30.0.0.0/8 -p udp -j ACCEPT 
>-A INPUT -s 30.0.0.0/8 -p icmp -j ACCEPT 
>-A INPUT -s 127.0.0.1/32 -p udp -j ACCEPT 
>-A INPUT -s 127.0.0.1/32 -p tcp -j ACCEPT 
>-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 
>-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
>-A INPUT -p udp -m udp --dport 53 -j ACCEPT
>-A INPUT -j DROP 
>COMMIT
>
>
>
>
>
>
>If I clear the firewall, everything works, but why? Which ports does unbound
>use for the queries?
>
>
>
>
>Thanks,
>
>
>
>
>
>
>
>
>
>
_______________________________________________
>Unbound-users mailing list
>[email protected]
>http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
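
An added example (not part of the original thread and not Unbound or iptables code): a simplified Python model of iptables first-match evaluation over the INPUT chain quoted above. It shows why replies to unbound's random source port (17790 in the netstat output) were dropped, and that the UDP ESTABLISHED,RELATED rule only helps if it sits before the final DROP. The conntrack state is supplied per packet as an assumption, and the packets and addresses are constructed.

```python
# Added example: simplified model of iptables first-match rule evaluation.
import ipaddress

def rule(target, src=None, proto=None, dport=None, states=None):
    return dict(target=target, src=src, proto=proto, dport=dport, states=states)

def verdict(rules, pkt, policy="ACCEPT"):
    """Return the target of the first rule matching pkt, else the chain policy."""
    for r in rules:
        if r["src"] and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(r["src"]):
            continue
        if r["proto"] and pkt["proto"] != r["proto"]:
            continue
        if r["dport"] and pkt["dport"] != r["dport"]:
            continue
        if r["states"] and pkt["state"] not in r["states"]:
            continue
        return r["target"]
    return policy

# The INPUT chain from the thread, without its final DROP.
BASE = [
    rule("ACCEPT", src="30.0.0.0/8", proto="tcp"),
    rule("ACCEPT", src="30.0.0.0/8", proto="udp"),
    rule("ACCEPT", src="30.0.0.0/8", proto="icmp"),
    rule("ACCEPT", src="127.0.0.1/32", proto="udp"),
    rule("ACCEPT", src="127.0.0.1/32", proto="tcp"),
    rule("ACCEPT", proto="tcp", states={"RELATED", "ESTABLISHED"}),
    rule("ACCEPT", proto="tcp", dport=53),
    rule("ACCEPT", proto="udp", dport=53),
]
DROP_ALL = rule("DROP")
UDP_STATE = rule("ACCEPT", proto="udp", states={"ESTABLISHED", "RELATED"})

ORIGINAL = BASE + [DROP_ALL]
FIXED = BASE + [UDP_STATE, DROP_ALL]     # state rule placed before the DROP
APPENDED = BASE + [DROP_ALL, UDP_STATE]  # state rule appended after the DROP

# Constructed packets; 192.0.2.53 and 198.51.100.7 are documentation addresses.
# "state" is the conntrack classification, assumed given rather than computed.
CLIENT_QUERY = dict(src="127.0.0.1", proto="udp", dport=53, state="NEW")
UPSTREAM_REPLY = dict(src="192.0.2.53", proto="udp", dport=17790, state="ESTABLISHED")
UNSOLICITED = dict(src="198.51.100.7", proto="udp", dport=17790, state="NEW")

if __name__ == "__main__":
    for name, rs in [("original", ORIGINAL), ("fixed", FIXED), ("appended", APPENDED)]:
        print(name, verdict(rs, UPSTREAM_REPLY), verdict(rs, UNSOLICITED))
```

Running `iptables -A INPUT ...` against a chain that already ends in `-j DROP` produces the APPENDED ordering, so the rule has to be inserted above the DROP or added to the rules file before it.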